Verity search results showing SQL code

Report · Jan 27, 2009

This site is still in development and that's why the domain hasn't transferred yet: http://financial-strategist.dataride-previews.com/index.cfm. If you perform a search for the word business, for example, some of the search results display the SQL query code. How can I eliminate this from being included in the search results?

My results page is as follows:
<cfsearch
name = "fs_search"
collection = "fsdocs, affdocs, bodocs, profdocs, wibdocs"
criteria = "#Form.Criteria#"
maxrows = "35">

<CFOUTPUT QUERY="fs_search">
<a href="#url#">#Title#</a> 
#Summary# 
 
</CFOUTPUT>

Report · Jan 28, 2009

I found a similar problem on Experts-Exchange, seen here:

http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/Cold_Fusion_Markup_Language/...

Basically, the solution was to strip the HTML when populating the verity collection.

Report · Apr 22, 2009

I am having the same issue. It does not look good when a search returns code like "select * from catagory...." in the search result page.

I looked at the expert exchange solution but it only strips the tags/html so basically the <cfquery> .. part is removed but the actual query "select * ... " still shows up on the results.

How can we remove such sql codes totally?

Report · Apr 28, 2009

I'm surprised that I haven't been able to get any pointers on this.

Searching is an important part of site design and if CF is showing sql codes then it's not good from security standpoint.

I need to fix this! Anyone have any suggestions?

Report · Apr 28, 2009

There are two ways Verity can index your CF pages (that I know of). One is to do it through the CF Admin Verity Collection and the other is the command line vspider.exe. I believe only the vspider will actually process your CF pages (processing your SQL as well) and the Verity Collection method in the CF Admin will only "read" your CF pages, this "reading" will just display what's in the pages (minus CF includes, etc.).

I could be wrong in this of course because I've learned by trial and error. My experience has been the CF community sites (this one, HOF and Dev Shed) are very slim on Verity help. So I'd say RTFM as much as you can. HTH

Report · Apr 28, 2009

Haven't found anything in the manual.

I'm using verity collection and i guess the engine actually indexes the pages on the server itself ie. cfm pages on source level. When you do a search for the word "select" you can actually see the queries in the search results.

Hasn't anyone gone through this issue??

If there is not answer to this, what is a good alternative as far as keeping a search option in your site that searches throught the pages in your site?

Report · Apr 29, 2009

You're able to query the Verity results themselves and exclude the SELECT statements.

SELECT *

FROM verity_results

WHERE CONTEXT NOT LIKE <cfqueryparam cfsqltype="cf_sql_char" value="%SELECT%" />

Report · Apr 29, 2009

Whenever I've used Verity I've populated it via data, not page crawls - if your content pages contain SQL then SQL will be collated into Verity - no way around that - also every other piece of CF code as well.

A separation of content from logic (via MVC methods) would mean you could point verity at the content without seeing coldfusion code, or add the SQL code via cfinclude and leave the content pages as just content.

I have no easy way to fix it other than those suggestions really. If you intermingle content and logic this will happen.

Adobe Community

Verity search results showing SQL code